1 Answer
1

The -1 or -2 part is a version number. A module that is FIPS-140-2-compliant is not more secure than a module that is FIPS-140-1-compliant, it is only more up-to-date in the certification process. The requirements for FIPS 140-1 level N and FIPS 140-2 level N are broadly similar. In other words, you get the same amount of security from FIPS 140-2 level 1 as from FIPS 140-1 level 1, and so on. There are 4 steps, not 8 — it's just that the requirements for climbing those steps were tweaked.

You can no longer have a product validated under FIPS 140-1, because it is no longer a current standard. I believe US agencies are still authorized to purchase products based on a FIPS 140-1 certificate, with the same level requirements as for FIPS 140-2 certifications.